back to article Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

The latest release of Chromium-based browser Vivaldi has extended ad blocking to handle cookie warning dialogs and sent a shot across the bows of Google's ad technology, FLoC. That first bit will appeal to anyone tired of the cookie dialogs and banners that have popped up in websites as a result of regulation. While the aim of …

  1. mark l 2 Silver badge

    Considering that all browser makers (including Google) have decided that third party cookies support has or will be removed from the browser. Will all those cookie consent forms be relevant going forward?

    As they are annoying and I often ad them to my ublock origin block list so they don't keep coming back

    1. Brewster's Angle Grinder Silver badge

      The consent dialogs penalise users who are doing the right thing. I reset cookies when my browser quits. So I have to re-assent every session. I view them popping up as proof it's working. But it's a huge annoying penalty to pay for being security conscious.

      And they are getting ever more annoying - the YouTube ones are particularly bad; whereas El Reg's is sitting here at the bottom of the screen unclicked...

      1. Charlie Clark Silver badge

        Permission is required for non-essential cookies. As state cannot be preserved in a browser without cookies, the cookie that needs to be set representing your decision, must be reset every session, hence the banner for you in every session. That's not the issue: the issue is the way websites attempt to gain consent for everything with misleading "accept all" buttons.

        1. martyn.hare
          Angel

          Time for a standard cookie consent name and value pair

          That way, consent can be recorded forever while other cookies unrelated to consent itself can be blitzed.The value would be codified as well as the name to prevent abuse. Problem sorted for legitimate websites with fixed [sub]domain names! One could then “clear cookies” without clearing consent.

          Or, even better... bring P3P back but with slightly more customisability. Users could pick “legitimate interest” objections from a list while companies could register their opt-in/opt-out requests in a database held within your browser, which would allow you a central panel with which to opt in or out to various features.

        2. teknopaul Silver badge

          and these accept all are not valid. cookies are fine if not used for anything nefarious. And click throughs are not acceptable justification if thus consent is then used for stuff that's not considered a fair trade for the services offered by the site.

          Nothing in the click through permits sites to use location data for ads no matter what the small print says if location is not an obvious feature of the site. In Europe. And that's getting contested. buB these pop-ups are not what GDPR specified as necessary, or even valid, for obtaining consent.

        3. Elfo74

          Weeeeell...

          If some cookies are "essential" for website functionality (and I can't reject those) why is my decision (made last time I visited) to NOT consent to the advertising/tracking ones recorded?

          Do I HAVE to reject all "non essential" cookies every time I visit the website?

          If "essential" cookies can record my username they can bloody hell record my answer to this question the last time I gave it to you...

      2. Anonymous Coward
        Anonymous Coward

        > And they are getting ever more annoying - the YouTube ones are particularly bad; whereas El Reg's is sitting here at the bottom of the screen unclicked...

        Youtube are clearly abusing the legislation in order to 'encourage' users to create accounts and sign-in rather than use the service anonymously.

        Well done the EU on this legislation which has clearly prevented all tracking.

        I think I'd quite like a mode that clicked yes on my behalf automatically but then cleared all cookies when the session ended.

        1. MiguelC Silver badge

          on Firefox you can use the following:

          I don't care about cookies - auto accepts all cookies

          Cookie AutoDelete - clears cookies on site exit or browser closing, depending on your choice

          1. RegGuy1 Silver badge

            Bob on. Just accept all then later delete them all or close the browser to delete them all (of course set that first).

            I delete all my cookies multiple times a day. So I may have to log in again. So what? I know those third parties are going to get somewhat confused. This works on Chrome[1] too. Just watch with Chrome, if you say delete them all on closing, and close the browser it's funny that always just one cookie may still be there -- and it's ALWAYS a google one. So delete that when you open the browser again, close it again, and you're good to go.

            Google -- cunts. NEVER EVER EVER use Chrome. EVER. Only the browser can see between tabs. Oh look, the google spyware can see between tabs. Fuck off google. NO CHROME.

            [1] Spit.

            1. HildyJ Silver badge
              Stop

              I use Firefox with uBlock Origin, block all third party cookies, and delete all cookies on exit.

              For sites where I need to use a Chromium based browser (doctors' practices in the US are the worst) I use Microsoft Edge with uBlock Origin and delete all cookies on exit.

              I never open Google Chrome [1] on my Android phone and I don't even have it installed on my PCs.

              [1] Puke in my mouth

          2. Dabooka Silver badge

            Is this not too late though?

            I am no expert at all so please correct me, but a lot of these are served to linking multiple devices, accounts and other nefarious purposes are they not?

            Surely by allowing them access the damage is done there and then and deleting them is all a bit late. Sure we could use incognito tabs and what not for each page but I assume there's something specific lurking that these trackers look for to link multiple machines and accounts.

            As I say thought I am not an expert so I wouldn't be listening to my ramblings!

      3. Anonymous Coward
        Anonymous Coward

        The consent dialogue box is supposed to be that, consent, everything is supposed to be off by default, you give consent to enable it. That's not how most have done it even though that is the requirement.

        So it pops up each time for people that clear the cache, but it should be the case of just closing the request if they implemented as was intended.

      4. FlamingDeath Silver badge

        Reddit is the worst, that website just constantly pesters me to click stuff

        ‘Download our mobile app to view our cruddy website so we can sell more of your data.’

        Just trying to get to the full post someone made is just too much hassle so I go elsewhere

  2. Joe W Silver badge

    This.

    "for users it can be annoying and can leave them preferring to hit the Accept All button"

    As I understand it, the common practice of making a big <blink>"ACEEPT ALL"</blink> button and a small, grey "edit" button, which leads to a menu with

    1) a bajillion little settings to turn off

    2) a flashing <blink>"ACEEPT ALL"</blink> button

    3) a small, grey "none"

    4) an even smaller "save these settings"

    is not ok as per the regulations. Yes, ElReg, I'm looking at you as well.

    There are some websites that have a big "yes" / "no" choice, and a small "edit" one. This is how it should work.

    1. Aoyagi Aichou

      Re: This.

      It's just two clicks here. Hardly a dark pattern.

      1. katrinab Silver badge
        Megaphone

        Re: This.

        It is supposed to be opt-in, not opt-out. If it is one click to opt in, and anything more than one click to not opt in, then you have an opt-out system.

        1. Aoyagi Aichou

          Re: This.

          As far as I know, the EU regs require *consent*, not opt in.

          1. Halfmad

            Re: This.

            INFORMED consent, not just consent.

            They also require that you are not penalised for not consenting, you know like made to jump through hoops to disable individual options, get a spinning "we're changing your settings" dial then a wait for the site to reload.

            It should be accept all, accept only functional, reject all or edit. Not what we currently get.

            1. jmch Silver badge

              Re: This.

              "It should be accept all, accept only functional, reject all or edit. Not what we currently get."

              To be fair, I've seen a number of sites with accept/edit, and edit leads to accept all / accept functional / reject. Not perfect but almost.

              It's mostly US based sites that have a bajillion options with individual settings for each saying accept and another option something like 'fair use' (I can't remember the exact term but seems to be a legalese for accepting without actually saying 'accept'. I just avoid these sites altogether

            2. Aoyagi Aichou

              Re: This.

              That's beside the point, which is the difference between "opt in" and "consent". Any form of consent.

        2. TheMeerkat Bronze badge

          Re: This.

          Even one click is too much for a site one visit casually.

          This stupid rule demanding this question should be recalled.

          1. Robert Carnegie Silver badge

            Re: This.

            A site could assume no consent if you are not clicking from one page to another, and not bother the user. They choose not to do that. (I'm thinking once you use an internal link on the web site, that would be the time that you discuss the relationship.)

            A site could install rootkit software on your computer and capture everything that you see and do from then on. It is very illegal to do that, but they could.

            They could fill your computer with cookies but that's also illegal in the EU, and presumably in the UK for now.

            They can refuse service to EU users. That happens.

            A broadly standard design offers "Cookie me lots" and "I have reservations" buttons. Click on "I have reservations" and you may get a small list of yes/no options to set, an "I've decided" button, and "Cookie me lots" is still there too, which isn't fair. I've even seen over 100 buttons to select or reject each of a web site's advertisers. That is usually enough for me to leave. You can almost guarantee that some of the 100 buttons no longer work.

            Sites where I refused consent often ask me again some time later. A cookie nominally has a defined lifespan, expiry date, and presumably, refusing consent puts a "Refused" cookie in my browser, until it expires. I haven't examined that, but I think it may be a month lifetime, or less. And of course I also get the prompt in a different browser or a different PC. They could make it fifty years, but they don't. Maybe it's fifty years when you say Yes.

            The Opera browser, which I use, has a mode since 2019, happily optional, to consent automatically to these cookie requests. Yes to everything, unless I misunderstood the announcement. Vida Vivaldi, though I'm sticking with Opera for now.

    2. Elfo74

      Re: This.

      The Register, unlike some sites, does not have a "reject all" button alongside the "accept all" button.

      Shame on you.

      And no, you can't hide behind the "b...b...but it's the law! I HAVE TO DO IT" excuse.

      1. Anonymous Coward
        Anonymous Coward

        Re: This.

        With the Reg I simply don't enable scripting. In almost every case its not a problem at all. Usually its an improvement, as forum posts are automatically expanded.

        With YouTube I have everything enabled in Noscript, but not in uMatrix or Decentralise. I'm running CookieKeeper and SelfDestructingCookies. And I Don't Care About Cookies. The latest annoying page when you go to YouTube disappears and the site loads, and if I'm going to a vid, I may have to click to pause it - this is the bit that bugs me, that I can't stop them autoplaying anymore - though usually I go straight to a channel's Videos page, so don't have that problem.

        Either way I download whichever vid I want to watch, for offline viewing, without ads. It seemed like an inconvenience at first, but of course online or off you're still downloading it. And if you have the speed (or you're not using a PAYG mobile) that you don't have to start watching online to decide if you want to watch the entire vid, you can get the link via DDG and not go to YouTube at all.

    3. Pascal Monett Silver badge

      Re: This.

      More and more, I am seeing websites that have the popup contain two buttons : ont to accept all, in green (obviously), and one to check - in red.

      Psychological wars aside, I am often surprised by a page that lists possible cookies in 3 sections : indispensable, operational and marketing - and often it's only the indispensable that is pre-allowed.

      In other words, good behavior is spreading.

      Of course, that may be a statistical quirk of the subset of websites that I visit vs the rest of them. YMMV.

      1. Neil Barnes Silver badge

        Re: This.

        I too have been pleasantly surprised in this way recently - though the uninformed cynic in me does tend to wonder 'indispensable to whom?'...

      2. low_resolution_foxxes Silver badge

        Re: This.

        European websites are getting quite good at the accept/reject button.

        Slimy USA news websites and weather companies are pretty terrible in this area.

        1. Chris G Silver badge

          Re: European websites

          Of course, one must remember that European does not include the UK.

          Even before the UK was out of the Union, British sites usually in my experience made a point of ignoring GDPR as much as possible concerning cookie consent and of course still do even though Britain is still theoretically constrained by GDPR.

          It's about about time for a Cookie Free Website Association with a big badge at the top of the entry page.

          1. Hubert Cumberdale Silver badge
            Headmaster

            Re: European websites

            Contrary to popular opinion, Britain is still a part of Europe; much as some would like to unshackle us entirely from our continent, geography does not permit.

            1. Captain Scarlet Silver badge

              Re: European websites

              To be fair I think he just forgot to add Union in his text.

              "remember that the European Union does"

              1. Hubert Cumberdale Silver badge

                Re: European websites

                Well, if I'm honest, I'm fully aware that in actual use, "Europe" (on its own) has multiple meanings. (I guess I just like being a bit of a dick about it sometimes.)

                1. Captain Scarlet Silver badge
                  Trollface

                  Re: European websites

                  Don't we all, we are only human.

      3. Mike 137 Silver badge

        Re: This.

        "it's only the indispensable that is pre-allowed"

        It all depends on the definition of "indispensible". To escape the need for consent a cookie has to be essential for delivery of the service to the user, not just "indispensible" to your business. So a shopping cart or login cookie does not require consent if without it the service to the user can't be delivered. However the site owner has a duty to be explicit about exactly what cookies are used and what for, and to identify those deemed "indispensible" - this is what the GDPR refers to as "transparency" and it allows a user to challenge the site owner about cookie use (although in practice much good may it do them).

      4. Hubert Cumberdale Silver badge

        Re: This.

        one to accept all, in green (obviously), and one to check - in red.

        Thankfully, I'm red–green colour blind, so these tactics have no effect on me!

      5. Robert Carnegie Silver badge

        Re: This.

        I think you'll find, all the cookies are pre-allowed unless you select to choose what to allow. Even when choosing offers you then Yes, No, and No by default.

        And I read those carefully just in case it is No to Necessary cookies and Yes to All the targeted advertising. Or in case they have a new name for it like "Facilitated communications" that turns out to mean "We sell your browsing history to criminal transplant organ dealers".

        1. Robert Carnegie Silver badge

          Re: This.

          Oh, I just found https://www.gov.uk/help/cookies

          "We use 4 types of cookie. You can choose which cookies you're happy for us to use.

          Cookies that measure website use Yes/No

          Cookies that help with our communications and marketing Yes/No

          Cookies that remember your settings Yes/No

          Strictly necessary cookies Yes

          Is this page useful? Yes/No"

          which is the odd one out!

  3. katrinab Silver badge
    Megaphone

    The GDPR doesn't require consent for "cookies", it requires consent for "tracking technologies" of which cookies are one implementation. Cookies used for purposes other than tracking are not tracking technologies, and therefore not covered by the GDPR.

    1. Aoyagi Aichou

      Interestingly enough, these "tracking technologies" of yours aren't mentioned once in the GDPR.

      1. captain veg Silver badge

        Possibly because Directive 2009/136/EC predates GDPR.

        -A.

    2. JakeMS

      Yup.

      My business's online side strictly sets only cookies necessary for operation of the store, there's no analytics, ads, or third party cookies set in any form.

      This is great because it means there's no tracking cookies at all. Thus, our cookie notice is a simple one liner "This website uses cookies to ensure you get the best experience on our website. Privacy Policy(link)" - with a single button "got it". So, no ridiculous long scary menu's asking what cookies to set.

      The privacy policy lists all of the 6 possibly set cookies, which the website uses to configure itself:

      PHPSESSID, language, currency, cnotify (got it button), display (grid/list product view, set if changed by user), customer (hashed customer ID, if logged in).

      Other than that, no other cookies will be set at any time.. it makes complying with cookie law so much easier :-D.

      But we're just a small family run retail business, so we don't need all the tracking or other junk that the big stores/businesses need.

      Since we also only collect data strictly necessary to deliver items to the customer and process the transaction.. yup.. GDPR was a walk in the park too, pretty much all of the security requirements it requested were already implemented, users already had the ability to delete their accounts or view the data we held, and we don't sell customer data, nor share it with "partners". It took me about a week to sort a couple of minor legal bits out to ensure compliance with our third party payments provider (stripe).

      Heck, even our in-store layaway system only collects their name and phone number as standard. An optional email address can be provided to match the account to an online account if they would like to be able to manage their layaway via our website (make payments, view etc, but must be activated in-store).

      (Yes, all databases are encrypted, with proper security during communications between our custom in-store epos system and dedicated servers)

      All in all, doing it yourself carefully, and only adding/using stuff you actually need saves a whole heap of legal stuff and expenses.

      Added extra: TTFB around 115-180ms, page fully loaded in around 500ms-1s depending on amount of product images and internet speed ofc.

      Sometimes, less is better.

      1. LybsterRoy Bronze badge

        Reading your post I am prompted to ask "who does need these tracking cookies?"

        Targeted ads - hmmm. I've just replaced my car should I get emails asking if I want to buy another?

        Maybe its the marketing / advertising department that needs a little education so that they realise they're wasting their money?

        Maybe its the Board that needs educating on how much bigger their bonuses could be if they stopped wasting so much money on useless advertising.

        1. Cliffwilliams44 Bronze badge

          "Its all about the money!"

          Apparently Jake's company is perfectly happy making the money they do from selling goods and services and doesn't need/want the advertising revenue from spamming other companies adds on their web site nor spending the money to have their products spammed on other companies web sites!

          Quite admirable in today's world!

          1. JakeMS

            To be honest, we're a small business that's only been running 8 years now that started as a simple market stall, but we've grown over those years and throughout the pandemic, even with our store closed for most of the tax year.

            We mostly serve a small town with a population of less than 30k, that tied in with being a niche market (gothic/alternative clothing/accessories/figurines) - so we are able to offer help and advice in a field where most people simply don't understand it.

            That's our edge because, while anyone could sell these types of products, not so many could also understand the lifestyle, interests and difference amongst the brands of quality, sizing and popularity.

            We actually have a private list of "no go" brands that we actively avoid due to poor manufacturing quality, we don't sell crappy copper jewellery that'll turn your fingers green for example, instead we sell our preferred brand that produces much higher quality products.

            We focus primarily on simply providing good old fashioned customer service, and giving our customers the feeling of being with people who understand them.

            Our primary method of advertising is old fashioned too, it's the old "word of mouth" method. See, generally we find our customers shop with us because they enjoy the experience (help provided, atmosphere etc) and the quality of the products we sell (we use only carefully selected brands, and only sell stuff we ourselves would trust and use.)

            This usually leads to our customers leaving our store happy, and in turn they will tell their friends about us. That's why sometimes we get customers who travel halfway across the country just to visit our little store that's in the middle of nowhere.

            The best form of advertisement is, and always will be, recommendations from your friends.

            Sure, we could pay to get a bunch of ads thrown in your face, but the chances are high you'll mostly ignore the ads (or block them, like I do).

            TV ads are much the same, personally I mostly ignore them.

            We don't chase the money path like the big businesses, we simply enjoy what we do and what we sell, and our customers see that.

            And so, that's how we fund our business and website. No tracking or dirty tactics necessary.

    3. rg287 Silver badge

      The GDPR doesn't require consent for "cookies", it requires consent for "tracking technologies" of which cookies are one implementation. Cookies used for purposes other than tracking are not tracking technologies, and therefore not covered by the GDPR.

      It doesn't require either.

      It requires that you have a lawful purpose to collect, store or process personal information, regardless of whether that data is to be used for tracking or not. It's it's personal data relating to a natural person, then GDPR covers it. Cookies set for some non-essential, non-tracking purpose would still require consent.

      Session cookies to cover things like logins and shopping baskets are necessary and are covered by either purpose 'b' ("Fulfilment of a Contract" - i.e. we can't provide site functionality to you without them) or purpose 'f' ("Legitimate Interest").

      Non essential cookies, (for tracking or any other purposes) require consent (purpose 'a' under GDPR, and as described by "the Cookie Directive"), as no other lawful purpose would cover them.

      You are of course correct that other tracking technologies, such as firing off a line of javascript on page load would be equally covered by GDPR as it relates to collecting personal user data. So could the processing of server logs containing things like client IP addresses. This is not restricted to cookies, but it's also not restricted to tracking vs. non-tracking.

      There are plenty of sites out there which don't have "cookie banners" because they simply don't do anything non-essential. There are likewise millions of sites out there with completely unnecessary consent banners because people think "I need one of those", even though they don't actually set any non-essential cookies or do any data collection. And those in the middle who reassuringly - but unnecessarily - state "We only set essential cookies".

  4. Pascal Monett Silver badge

    The eternal popup predicament

    "While the aim of the questions is noble, for users it can be annoying and can leave them preferring to hit the Accept All button rather than wading through what can sometimes be pages of options to turn off every setting, "

    This problem is not new. It is the eternal issue of the fact that users invariably view a popup as an impediment to Get Stuff Done, so the knee-jerk reaction is to get rid of it the fastest way possible.

    It is well known that users can click OK, Accept or whatever without even reading the text of the popup. They are even capable of spending more time making sure they get rid of said popup as fast as possible than they would reading it.

    1. yetanotheraoc Silver badge

      Re: The eternal popup predicament

      In the bad old days I sent the team an email with a button that would install a Lotus Notes database. One of them sent a reply "It didn't work." I walked over to her desk and asked her to show me. She clicked the button, and an error message appeared on screen, which quick as lightning she clicked OK. Then she waited for something to happen, and when it didn't said to me, "See? It didn't work." So I said I wanted her to click the button, and this time when the error dialog appeared, not to click on it, so I could read the message. ... She clicked the button, and an error message appeared on screen, which quick as lightning she clicked OK. :) At which point, I had visions of the Saturday Night Live tech support guy, "Out of the way!" I restrained myself, and asked if it would be okay if I clicked the button instead. It turned out to be a permissions issue, which affected a couple of other users as well, easy to sort out.

  5. Disgusted Of Tunbridge Wells Silver badge
    Facepalm

    > (and add favoured sites, like The Reg, to the exception list).

    With those full page background ads that you accidentally click 90 times a visit? No thanks.

    1. Hubert Cumberdale Silver badge

      There are ads on the Reg? I didn't realise.

      1. Disgusted Of Tunbridge Wells Silver badge

        That's my point. I have to block them for the site to be usable.

        I'd turn the blocker off if the ads were reasonable.

  6. Fonant

    I don't care about cookie warnings

    Recommended browser plugin: https://www.i-dont-care-about-cookies.eu

    1. Robert Carnegie Silver badge

      Re: I don't care about cookie warnings

      Is that the "I don't care who in the entire world knows everything that I do on my computer" version?

  7. aerogems Bronze badge

    Say what you will about FLoC

    I largely agree with the assessments of others, that as it is right now FLoC would, at best, make it only marginally harder for unscrupulous companies to put together profiles on you... at least they had something to offer as an alternative. Most of the time all you hear is "tracking cookies bad! grrrrrr!" Which is fine as an opinion, but less than useful when trying to figure out a different approach besides one of scorched earth. If Google actually considers the criticisms leveled at FLoC and incorporates some changes to address them, and works with some of the researchers who panned the current implementation, they could be onto something.

    1. nintendoeats Silver badge

      Re: Say what you will about FLoC

      You already mentioned my proposed alternative: scorched earth. I'm not sure why I would be in favor of anything else.

    2. yetanotheraoc Silver badge

      Re: Say what you will about FLoC

      I didn't downvote you, but I did upvote the scorched earth guy.

      "If Google actually considers the criticisms leveled at FLoC and incorporates some changes to address them, and works with some of the researchers who panned the current implementation, they could be onto something."

      Google is already onto something. That's the problem. Google *carefully* considered all the criticisms, but their only interest is in quelling the critics without changing what FLoC does.

  8. Roger Greenwood

    Choose your paranoia level:-

    1 - 1 device, 1 browser for everything (don't care/no money/clueless/life is too short)

    2 - many devices, 1 browser for everything (still don't care but has money)

    3 - many devices, different browsers for different tasks (care a bit)

    4 - different device per task (overpaid/overthinking/properly cautious)

    I think I am generally level 3 with a bit of level 4 for some tasks....

    1. Anonymous Coward
      Anonymous Coward

      Re: Choose your paranoia level:-

      @Roger Greenwood

      We fit into c1. As in, don't care and life is too short. We are far from clueless as somehow we manage to make a success of our business, therefore we have enough money. (Though sadly not millions)

      Our answer to all this tracking thing is have one computer with no personal or customer info on it, to be used only for the internet. And it only takes a few seconds and 6 nouse clicks to clear caches and history. There are a couple of ad blockers on the machine, but life is too short to fight a battle we/you will never win.

      And, kindly, dump the superior attitude

      1. nintendoeats Silver badge

        Re: Choose your paranoia level:-

        He says, after expressing his superior attitude...

  9. Mike 137 Silver badge

    No surprise there

    'Some sites may not let you in at all and may not work as you expect them to as they actually require cookie consent for some functionality."'

    There is an exemption from consent where "the cookie is strictly necessary to provide an ‘information society service’ (eg a service over the internet) requested by the subscriber or user. Note that it must be essential to fulfil their request – cookies that are helpful or convenient but not essential, or that are only essential for your own purposes, will still require consent." [ICO guidance on PECR]

    The cookie issue is strictly a matter for European Directive 2002/58/EC in the EEA and PECR in the UK rather than the GDPR, but making consent obligatory is strictly unlawful under both. Of course this doesn't bother anyone on the supply side. Our research into the GDPR compliance of web sites strongly suggested that nobody in business gives a toss about complying with the law. It might as well never have been implemented.

    However the apparent popularity (on this thread at least) of the announced blocker suggests many users don't care about their privacy either, but some of us do, so it's nice this blocker is not a default or mandatory.

  10. Robin 12

    What was once old is new.

    Once upon a time, in what seems like the dark ages, Firefox had "Ask me everytime" to accept cookies function, which I loved. It would allow me to select which cookies I would accept and which to block. They removed it, now it looks like the once old feature is something that people are looking for as a new feature. The "feature" was removed about 2016 of 2017.

    1. Jellied Eel Silver badge

      Re: What was once old is new.

      Problem with selecting cookies is there's often so many of the damn things. Which is also the problem with some of the 'settings' nagware currently on websites. As others have pointed out "Yeh, Whatever" is a simple choice, trying to figure out which ones are really essential, and which aren't is generally obfusticated.

      It's also been interesting to see how many websites seem to have outsourced their settings to scumbags like Quantcast.

      1. Mike 137 Silver badge

        Re: What was once old is new.

        "Problem with selecting cookies is there's often so many of the damn things"

        The real problem with selecting cookies under browser control is that the browser can't know what they're used for. For example, the "first party/third party" decision is not where privacy control resides, as it's perfectly possible for an essential cookie to be third party and an abusive tracker to be first party.

        To adequately protect user privacy and comply with the legislation, cookie management has to be done server side, based on the purpose, not just the origin, of cookies (and other trackers).

        1. Jellied Eel Silver badge

          Re: What was once old is new.

          Indeed, although it's not necessarily the browser that's the problem, but the odds of a user understanding what all the options are if they don't just click the big 'Accept' button. Sometimes that can be as simple (or hard) as figuring out what radio buttons mean as it's not always obvious if they mean accept or deny. I've noticed a few sites recently that have labelled buttons more clearly, ie on/off labels.

      2. Robin 12

        Re: What was once old is new.

        I agree.

        When I first started to do this, it was a pain but over time I had enough sites blocked in the cookie manager that it became easier. As many sites are now using advertising cookies from using their own domain, this is even more useful. Even years ago, you could see this as sites would throw cookies for trackers from their own domain.

        In my blocked list, I still have many sites that start with ads.{first party domain} from the early days. Yes, it was a pain but it was worth it.

  11. Anonymous Coward
    Anonymous Coward

    A stupid question...

    Am I the only one that uses the pop up blocking function of their browser? It's set to auto block all of them so I never see any. Do modern browsers no longer allow this? If so then modern browsers suck sweaty monkey arse.

    1. martyn.hare

      Modern sites don't use popups

      A pop-up is a window or tab which is spawned. Modern websites use CSS element hiding and other DOM manipulation techniques not covered by pop-up blockers. Of course, uBlock Origin, AdGuard and Adblock Plus all have ways to mitigate a lot of these annoyances using content filtering hooks.

  12. TheMeerkat Bronze badge

    The main issue - the stupid EU rule that required this question. As with a many government regulation there are unintended consequences.

    The easiest way to solve it is for the EU to recall the rule. But I don’t think EU is able to do this as it would mean admitting their mistake.

    I wonder if the U.K. can remove just this part of GDPR now that we are not part of the EU?

  13. xyz

    Oi BBC....

    I think they're after you.

  14. steviebuk Silver badge

    But aren't they required by EU law?

    That is the main issue. I run my own website, it was only for and still is an online place I can put all my IT notes, so no matter what job I'm now at, I have easy access to all my notes. Because I've suck adverts on the site (I think I'll remove them now, they make me no money, not even a penny) I had to put a message up that you're aware. Also because the site can take comments (which I might as well turn off) thanks EU, some things you do are good, this was always a stupid one, forcing hobby sites to also comply.

    1. steviebuk Silver badge

      Re: But aren't they required by EU law?

      Two downvotes? Decided as none of the adverts make even 1p I've removed it all and the cookie acceptance box. Annoyance of GDPR having to have it.

    2. Robert Carnegie Silver badge

      Re: But aren't they required by EU law?

      I downvoted because you didn't give a reason to have adverts on a web site that apparently only you use, intentionally. As for consent, since it is your web site, presumably you already consent to everything that it does.

      I suppose that I could find your web site, accidentally, if Google knows about it. If it is a hosted Wiki, for instance.

      Then you would have to have consent control on any feature of it that amounts to me providing information to the web site, instead of the other way around.

      Otherwise, I suppose that "Authorized users only" and a login or PIN prompt as the front page would be enough to legally keep me out and let you in.

      That just leaves that (1) running a web site may be not your main job or skill set and some of this stuff can be hard, and (2) what if you are temporarily working at the hardware key logger factory in the testing department.

      For (2) you could create a separate account in your web site, stevie_when_at_keyloggers when you log in from that job.

      For (1) you could just put all the data for your personal use onto Facebook and let them do the admin. But then using that in the workplace may be frowned on.

      1. steviebuk Silver badge

        Re: But aren't they required by EU law?

        Ah right. I'll explain

        Been doing computers for years. Work as an simple desktop engineer. Always thought "I want a place to store all my notes, not ones specific to work that I possible can't share but general ones about fixing issues I came across".

        Everytime I sit to do a website, I spend ages looking for a design. Because I was crap at HTML and CSS I'd eventually get bored and nothing would get done.

        Years later I finally found Wordpess. Realised you have the free version you just need hosting and a domain. So bought both, set it up in 2010 or 2011 and been putting my notes on it ever since "A place for my notes so I have access to them anywhere, others may find it useful"

        Some people would comment and thank me for some of the notes. Some notes where fixes I'd not found elsewhere. Anyway. Its not a job, it costs me £79 a year for the hosting, I'm with a nice host and wanted the middle tier package.

        Decided maybe I could try and fund the hosting with adverts and the Amazon really shit affiliate link system. Got nothing from it. Then GDPR came in and it mumbled something about even private blogs will need disclaimer that a site uses cookies. Well I knew my ads must have cookies so assumed I had to put an "This site may have tracking cookies press OK" to cover myself as I'm a small 1 man band who couldn't afford a fine if it came to it.

        After making the last comment I realised in the past 2 years since having the ads they've made me fuck all. So now gotten rid, along with the shit Amazon links. So assume I can remove the cookie concent now. Only issue might be allowing comments via discuss which I guess I could just disable.

        1. Robert Carnegie Silver badge

          Re: But aren't they required by EU law?

          Ah, that does make sense. Thank you for taking the time to explain. You now have an up vote. ;-)

          I suppose that for "legal" reasons, if your stuff is public although not looking for attention, then you may want to have another disclaimer anyway, like "This information isn't guaranteed. If you rely on it and it goes wrong, too bad for you. ;-)" I get stuff wrong...

  15. JulieM

    Come on, Mozilla!

    I had a look at the Vivaldi site; but when I came to download it, I could only find pre-compiled packages. No raw .tar.gz, not even a git repository to clone.

    You wouldn't eat food if it did not have the list of ingredients and the nutritional breakdown on the pack. Because there are some foods you definitely wouldn't eat, even if they *did* have that information on the pack. And if someone seems to be making an effort to stop me from finding out what's inside something, that most probably is because they don't think I would like it if I knew what was in it.

    I'm sure "cookie crumbling" functionality will be coming to a browser I can actually trust in due course. In the meantime, the methods I'm already using to protect myself will have to suffice.

    1. Lon24 Silver badge

      Re: Come on, Mozilla!

      Repositories are there for *ubuntu, Raspbian and others. Apt updated to 3.8 yesterday. A dialogue-free visit to Vulture Towers today ...

      This not good enough?

      1. JulieM

        Re: Come on, Mozilla!

        Unless there is a raw .tar.gz in there, no. I can't tell the difference between a genuine effort to help me avoid remembering how to spell "make install" and an attempt to trick me into installing something I would rather not.

        Here is a bowl of Smarties. One of them -- only one is poisoned. All the rest are harmless. Go on, eat a handful! Most of them won't kill you!

    2. Negative Charlie

      Re: Come on, Mozilla!

      > You wouldn't eat food if it did not have the list of ingredients and the nutritional breakdown on the pack.

      You've never eaten at a restaurant?

      In most cases a restaurant patron just wants to eat a meal prepared by an expert and doesn't need to check out the kitchen, but if you ask nicely then a reasonable restaurant owner would normally allow any patron a quick backstage tour (and grant full access to any health inspector).

      Vivaldi does the same: https://vivaldi.com/source/

  16. RyokuMas
    Holmes

    Interesting...

    ... how only a few years ago that many on here would scoff about Internet Explorer, and how they "only used it to download Chrome"...

    Let's take this opportunity to learn from history!

    1. A.P. Veening Silver badge

      Re: Interesting...

      "only used it to download Chrome a decent/real browser"

      FTFY ;)

  17. Anonymous Coward
    Anonymous Coward

    Blacklist? Can it be retermed blocklist please

    Realise there will be some downvotes, but given this is a net new article, would be great to see more appropriate terms being used.

  18. PassiveSmoking

    Malicious Compliance

    "While the aim of the questions is noble, for users it can be annoying and can leave them preferring to hit the Accept All button rather than wading through what can sometimes be pages of options to turn off every setting"

    Which is exactly the intent of the people who designed those popups. Their terrible usability is no accident, it's intended to funnel users into making the choice that the website owner wants them to make instead of the choice that's in the best interest of the user. It's referred to as a dark pattern. Other examples are the huge "Sign up for prime now" button that Amazon plasters all over its checkout process whilst simultaneously providing a "No thanks" button that you have to go hunting for.

    Adhering to the letter of the law whilst still being in flagrant violation of the spirit of the law is known as malicious compliance. As for sites that refuse you access when blocking cookies, they're actually not in compliance with the laws at all, which state that you can't deny access to a service if the user chooses to reject non-essential cookies. Sites that do this should be reported

    1. steviebuk Silver badge

      Re: Malicious Compliance

      True but think it's the ICO isn't it? In the UK that deal with them? They'll do fuck all as already underfunded.

  19. Jim Whitaker
    Coat

    The Register is at fault here.

    At least this would block those annoying (and unnecessary) regular attempts by The Register to annoy us with their repeated cookie permission requests.

  20. SAdams

    Rubbish EU Law

    I can’t see why the EU made this law apply to all sites. If a site only uses cookies for defined essentials, no cross site, no adds etc, why should it be law to have a consent button?

    The consent button requirement I could live with if it was associated with ‘bad’ behaviour, it would make sense. As it stands it’s just a badly drawn up law, which I bet 99% of people click “agree to all”…

    1. Daniel Pfeiffer

      Re: Rubbish EU Law

      If you had read the other comments, you wouldn't have written this rubbish. GDPR clearly distinguishes purposes and requirements. Arguing on a "rubbish EU / good Brexit" level, doesn't change those facts.

      It's the more or less rubbish implementation many sites force down our throats, in the hope of eliciting unqualified reactions like yours, that are the real issue.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022